Google Desktop vulnerable to attack

Found on CNet News on Monday, 04 June 2007

Security researcher Robert Hansen, aka RSnake, has published details of a new attack on Google Desktop. Basically, Hansen found a man-in-the-middle attack, this time placing an attacker between Google and someone launching a desktop search query. From this position, the attacker is able to manipulate the search results and possibly take control of other programs on the desktop.

Hansen writes: "This should drive home the point that deep integration between the desktop and the Web is not a good idea" since Google's site is unencrypted and therefore can be subverted by an attacker. But Hansen notes there are two caveats here: one, you need to have Google Desktop installed, and two, the attacker must be sophisticated enough to launch a man-in-the-middle attack upon you.

I'll never understand why someone would allow an application to upload personal data onto the servers of a company that's known to harvest all sorts of information for building profiles. Organizing, ever heard of it?

Browse all articles« Previous « » Next »